These days, effective cybersecurity in healthcare is as critical as ever. Last year, more than 32 million patients had their personal and medical information stolen in data breaches across the United States. While moves are being made, the fact remains that healthcare providers still have many holes to plug when it comes to the illegal or accidental outpouring of patient data.

Detectify Crowdsource hacker Akhil George, aka streaak, is a full-time student who chases bug bounties during his free time. His hacking interests started with CTF competitions and eventually shifted to bug bounties, gaining him recognition abroad including this report from NBC. Our Crowdsource guest blogs give readers an inside look into the mind of an ethical hacker, this month’s contribution goes on to discuss the recon techniques streaak used in 2019.

Teleport 4.2 delivers a strong foundation of new features. We have a full list of improvements and fixes attached to our Teleport 4.2.0 GitHub release. Below are a couple of the highlights. Teleport now provides greater visibility into what’s happening during a Teleport session with our Enhanced Session Recording. We’ve also laid the groundwork for a world of possibilities with our enterprise-only Role Escalation via a Workflows API.

The California Consumer Privacy Act (CCPA) or AB 375 is a new law that became effective on January 1 2020, designed to enhance consumer privacy rights and protection for residents in the state of California by imposing rules on how businesses handle their personal information. The CCPA is the most extensive consumer privacy legislation to pass in the United States and is akin to the European Union's General Data Protection Regulation (GDPR) and other data privacy laws and privacy regulations.

Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your organization take to optimize your current ICS cybersecurity program?

In some ways, the cloud has made security management easier, as many cloud providers have taken the responsibilities traditionally associated with local server management out of your hands. But in other ways, the security management conversation has become more confusing for decision makers, as “cloud” is a very broadly defined term and could speak to a variety of different technology ecosystems with their own security considerations.

In part 1 of the GitOps blog series, we discussed the value of using GitOps for Calico policies, and how to roll out such a framework. In this second part of the series, we will expand the scope to include decentralized deployment and GitOps.

When it comes to having visibility and detecting threats on macOS, one of the best sources of information for file system events, process events, and network events is the kernel. MacOS kernel extensions provide the ability to receive data about these events in real time with great detail. This is good for providing quick visibility into detecting anomalies and identifying possible threats.

How does your application handle failure? Your first level of response might focuses on logging and displaying errors, but it merely captures the problem rather than resolving it. What happens if a vital service is offline or under heavy load? What about simply not performing at the standards you might expect? As your application relies more on services that you don't control, like third-party APIs, the need to handle these variables when they arise becomes more important.

I was watching an interview with an American Congressional member the other night, and I could not help but notice the person’s lack of cybersecurity awareness. As a disclaimer, please note that this is not a piece promoting or denouncing any political party, or view. I do not discuss politics unless it relates to a cybersecurity matter. In two previous posts, I have been misunderstood and thought to be promoting a position, but that isn't my intended purpose - cybersecurity awareness is.